mirror of
https://github.com/Proxmark/proxmark3.git
synced 2024-09-21 23:36:51 +08:00
mf check keys in lua-space
This commit is contained in:
parent
c00f0dbfda
commit
16b04cb291
153
client/mf_default_keys.lua
Normal file
153
client/mf_default_keys.lua
Normal file
|
@ -0,0 +1,153 @@
|
|||
|
||||
|
||||
local _keys = {
|
||||
|
||||
--[[
|
||||
|
||||
These keys are from the pm3 c-codebase.
|
||||
|
||||
--]]
|
||||
'fffffffffff0', -- Default key (first key used by program if no user defined key)
|
||||
'000000000000', -- Blank key
|
||||
'a0a1a2a3a4a5', -- NFCForum MAD key
|
||||
'b0b1b2b3b4b5',
|
||||
'aabbccddeeff',
|
||||
'4d3a99c351dd',
|
||||
'1a982c7e459a',
|
||||
'd3f7d3f7d3f7',
|
||||
'714c5c886e97',
|
||||
'587ee5f9350f',
|
||||
'a0478cc39091',
|
||||
'533cb6c723f6',
|
||||
'8fd0a4f256e9',
|
||||
|
||||
|
||||
--[[
|
||||
The data below is taken form the Slurp project,
|
||||
https://github.com/4ZM/slurp/blob/master/res/xml/mifare_default_keys.xml
|
||||
released as GPLV3.
|
||||
|
||||
--]]
|
||||
|
||||
'000000000000', -- Default key
|
||||
'fffffffffff0', -- Default key
|
||||
'b0b1b2b3b4b5', -- Key from mfoc
|
||||
'4d3a99c351dd', -- Key from mfoc
|
||||
'1a982c7e459a', -- Key from mfoc
|
||||
'aabbccddeeff', -- Key from mfoc
|
||||
'714c5c886e97', -- Key from mfoc
|
||||
'587ee5f9350f', -- Key from mfoc
|
||||
'a0478cc39091', -- Key from mfoc
|
||||
'533cb6c723f6', -- Key from mfoc
|
||||
'8fd0a4f256e9', -- Key from mfoc
|
||||
-- Data from: http://pastebin.com/wcTHXLZZ
|
||||
'a64598a77478', -- RKF SL Key A
|
||||
'26940b21ff5d', -- RKF SL Key A
|
||||
'fc00018778f7', -- RKF SL Key A
|
||||
'00000ffe2488', -- RKF SL Key B
|
||||
'5c598c9c58b5', -- RKF SL Key B
|
||||
'e4d2770a89be', -- RKF SL Key B
|
||||
-- Data from: http://pastebin.com/svGjN30Q
|
||||
'434f4d4d4f41', -- RKF JOJO GROUP Key A
|
||||
'434f4d4d4f42', -- RKF JOJO GROUP Key B
|
||||
'47524f555041', -- RKF JOJO GROUP Key A
|
||||
'47524f555042', -- RKF JOJO GROUP Key B
|
||||
'505249564141', -- RKF JOJO PRIVA Key A
|
||||
'505249564142', -- RKF JOJO PRIVA Key B
|
||||
-- Data from: http://pastebin.com/d7sSetef
|
||||
'fc00018778f7', -- RKF Rejskort Danmark Key A
|
||||
'00000ffe2488', -- RKF Rejskort Danmark Key B
|
||||
'0297927c0f77', -- RKF Rejskort Danmark Key A
|
||||
'ee0042f88840', -- RKF Rejskort Danmark Key B
|
||||
'722bfcc5375f', -- RKF Rejskort Danmark Key A
|
||||
'f1d83f964314', -- RKF Rejskort Danmark Key B
|
||||
-- Data from: http://pastebin.com/pvJX0xVS
|
||||
'54726176656C', -- Transport Key A
|
||||
'776974687573', -- Transport Key B
|
||||
'4AF9D7ADEBE4', -- Directory and event log Key A
|
||||
'2BA9621E0A36', -- Directory and event log Key B
|
||||
-- Data from: http://pastebin.com/Dnnc5dFC
|
||||
-- New cards are not encrypted (MF Ultralight)
|
||||
'fc00018778f7', -- Västtrafiken Key A
|
||||
'00000ffe2488', -- Västtrafiken Key B
|
||||
'0297927c0f77', -- Västtrafiken Key A
|
||||
'ee0042f88840', -- Västtrafiken Key B
|
||||
'54726176656c', -- Västtrafiken Key A
|
||||
'776974687573', -- Västtrafiken Key B
|
||||
-- Data from: http://pastebin.com/y3PDBWR1
|
||||
'000000000001',
|
||||
'a0a1a2a3a4a5',
|
||||
'123456789abc',
|
||||
'b127c6f41436',
|
||||
'12f2ee3478c1',
|
||||
'34d1df9934c5',
|
||||
'55f5a5dd38c9',
|
||||
'f1a97341a9fc',
|
||||
'33f974b42769',
|
||||
'14d446e33363',
|
||||
'c934fe34d934',
|
||||
'1999a3554a55',
|
||||
'27dd91f1fcf1',
|
||||
'a94133013401',
|
||||
'99c636334433',
|
||||
'43ab19ef5c31',
|
||||
'a053a292a4af',
|
||||
'434f4d4d4f41',
|
||||
'434f4d4d4f42',
|
||||
'505249565441',
|
||||
'505249565442',
|
||||
-- Data from,:, http://pastebin.com/TUXj17K3
|
||||
'fc0001877bf7', -- RKF ÖstgötaTrafiken Key A
|
||||
'00000ffe2488', -- RKF ÖstgötaTrafiken Key B
|
||||
'0297927c0f77', -- RKF ÖstgötaTrafiken Key A
|
||||
'ee0042f88840', -- RKF ÖstgötaTrafiken Key B
|
||||
'54726176656c', -- RKF ÖstgötaTrafiken Key A
|
||||
'776974687573', -- RKF ÖstgötaTrafiken Key B
|
||||
|
||||
--[[
|
||||
The keys below are taken from from https://code.google.com/p/mifare-key-cracker/downloads/list
|
||||
--]]
|
||||
|
||||
'bd493a3962b6',
|
||||
'010203040506',
|
||||
'111111111111',
|
||||
'222222222222',
|
||||
'333333333333',
|
||||
'444444444444',
|
||||
'555555555555',
|
||||
'666666666666',
|
||||
'777777777777',
|
||||
'888888888888',
|
||||
'999999999999',
|
||||
'aaaaaaaaaaaa',
|
||||
'bbbbbbbbbbbb',
|
||||
'cccccccccccc',
|
||||
'dddddddddddd',
|
||||
'eeeeeeeeeeee',
|
||||
'0123456789ab',
|
||||
'123456789abc',
|
||||
'ffffffffffff', -- Default key
|
||||
}
|
||||
|
||||
--[[
|
||||
The keys above have just been pasted in, for completeness sake. They contain duplicates.
|
||||
We need to weed the duplicates out before we expose the list to someone who actually wants to use them
|
||||
|
||||
--]]
|
||||
|
||||
local function uniq(list)
|
||||
|
||||
local foobar = {}
|
||||
--print("list length ", #list)
|
||||
for _, value in pairs(list) do
|
||||
value = value:lower()
|
||||
if not foobar[value] then
|
||||
foobar[value] = true
|
||||
table.insert(foobar, value);
|
||||
end
|
||||
end
|
||||
--print("final list length length ", #foobar)
|
||||
return foobar
|
||||
end
|
||||
|
||||
return uniq(_keys)
|
143
client/scripts/mfkeys.lua
Normal file
143
client/scripts/mfkeys.lua
Normal file
|
@ -0,0 +1,143 @@
|
|||
--[[
|
||||
This is an example of Lua-scripting within proxmark3. This is a lua-side
|
||||
implementation of hf mf chk
|
||||
|
||||
This code is licensed to you under the terms of the GNU GPL, version 2 or,
|
||||
at your option, any later version. See the LICENSE.txt file for the text of
|
||||
the license.
|
||||
|
||||
Copyright (C) 2013 m h swende <martin at swende.se>
|
||||
]]
|
||||
-- Loads the commands-library
|
||||
local cmds = require('commands')
|
||||
-- Load the default keys
|
||||
local keys = require('mf_default_keys')
|
||||
local desc =
|
||||
("This script implements check keys. It utilises a large list of default keys (currently %d keys).\
|
||||
If you want to add more, just put them inside mf_default_keys.lua. "):format(#keys)
|
||||
|
||||
local TIMEOUT = 10000 -- 10 seconds
|
||||
|
||||
local function checkCommand(command)
|
||||
|
||||
--print("Sending this command : " .. tostring(command))
|
||||
local usbcommand = command:getBytes()
|
||||
core.SendCommand(usbcommand)
|
||||
local result = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)
|
||||
if result then
|
||||
local count,cmd,arg0 = bin.unpack('LL',result)
|
||||
if(arg0==1) then
|
||||
local count,arg1,arg2,data = bin.unpack('LLH511',result,count)
|
||||
key = data:sub(1,12)
|
||||
return key
|
||||
else
|
||||
--print("Key not found...")
|
||||
return nil
|
||||
end
|
||||
else
|
||||
print("Timeout while waiting for response. Increase TIMEOUT in keycheck.lua to wait longer")
|
||||
return nil, "Timeout while waiting for device to respond"
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
function checkBlock(blockNo, keys, keyType)
|
||||
-- The command data is only 512 bytes, each key is 6 bytes, meaning that we can send max 85 keys in one go.
|
||||
-- If there's more, we need to split it up
|
||||
local start, remaining= 1, #keys
|
||||
local packets = {}
|
||||
while remaining > 0 do
|
||||
local n,data = remaining, nil
|
||||
if remaining > 85 then n = 85 end
|
||||
local data = table.concat(keys,"",start,n)
|
||||
--print("data",data)
|
||||
--print("data len", #data)
|
||||
print(("Testing block %d, keytype %d, with %d keys"):format(blockNo, keyType, n))
|
||||
local command = Command:new{cmd = cmds.CMD_MIFARE_CHKKEYS,
|
||||
arg1 = blockNo,
|
||||
arg2 = keyType,
|
||||
arg3 = n,
|
||||
data = data}
|
||||
local status = checkCommand(command)
|
||||
if status then return status, blockNo end
|
||||
start = start+n+1
|
||||
remaining = remaining - n
|
||||
end
|
||||
return nil
|
||||
end
|
||||
|
||||
-- A function to display the results
|
||||
local function displayresults(results)
|
||||
local sector, blockNo, keyA, keyB,_
|
||||
|
||||
print("________________________________________")
|
||||
print("|Sector|Block| A | B |")
|
||||
print("|--------------------------------------|")
|
||||
|
||||
for sector,_ in pairs(results) do
|
||||
blockNo, keyA, keyB = unpack(_)
|
||||
|
||||
print(("| %3d | %3d |%s|%s|"):format(sector, blockNo, keyA, keyB ))
|
||||
end
|
||||
print("|--------------------------------------|")
|
||||
|
||||
end
|
||||
-- A little helper to place an item first in the list
|
||||
local function placeFirst(akey, list)
|
||||
akey = akey:lower()
|
||||
if list[1] == akey then
|
||||
-- Already at pole position
|
||||
return list
|
||||
end
|
||||
local result = {akey}
|
||||
--print(("Putting '%s' first"):format(akey))
|
||||
for i,v in ipairs(list) do
|
||||
if v ~= akey then
|
||||
result[#result+1] = v
|
||||
end
|
||||
end
|
||||
return result
|
||||
end
|
||||
|
||||
local function main()
|
||||
|
||||
print(desc);
|
||||
|
||||
core.clearCommandBuffer()
|
||||
local blockNo
|
||||
local keyType = 0 -- A=0, B=1
|
||||
local result = {}
|
||||
for sector=1,40,1 do
|
||||
|
||||
--[[
|
||||
The mifare Classic 1k card has 16 sectors of 4 data blocks each. The
|
||||
first 32 sectors of a mifare Classic 4k card consists of 4 data blocks and the remaining
|
||||
8 sectors consist of 16 data blocks.
|
||||
--]]
|
||||
local blockNo = sector * 4 -1
|
||||
|
||||
if sector > 32 then
|
||||
blockNo = 32*4+ (sector-32)*16 -1
|
||||
end
|
||||
|
||||
local keyA = checkBlock(blockNo, keys, 0)
|
||||
if keyA then keys = placeFirst(keyA, keys) end
|
||||
keyA = keyA or ""
|
||||
|
||||
local keyB = checkBlock(blockNo, keys, 1)
|
||||
if keyB then keys = placeFirst(keyB, keys) end
|
||||
keyB = keyB or ""
|
||||
|
||||
result[sector] = {blockNo, keyA, keyB }
|
||||
|
||||
-- Check if user aborted
|
||||
if core.ukbhit() then
|
||||
print("Aborted by user")
|
||||
break
|
||||
end
|
||||
end
|
||||
displayresults(result)
|
||||
end
|
||||
|
||||
main()
|
||||
|
Loading…
Reference in a new issue